Tag: ESXi

In a previous post I wrote about how to update ESXi 6.5 using the command line. It’s 6.7 time now, so here is the article explaining how to upgrade ESXi from 6.5 to 6.7 with the command line (esxcli). This method works whether the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

As a prerequisite, I placed the ESXi 6.5 server in maintenance mode.

Upgrade ESXi from 6.5 to 6.7 with Command Line – Check ESXi Version

To find the current version of ESXi, after I connected with PuTTY to the server, I ran this command:

In this article I will show you how to install VMware vSphere 6.7. If you are looking for instructions about how to install vSphere 6.5, you can find them here.

To start, you need an installation iso for vSphere 6.7, which you can download from your My.VMware account. From here, I downloaded VMware-VMvisor-Installer-6.7.0-8169922.x86_64.iso (vSphere 6.7 build 8169922). I will install vSphere into a virtual machine (beware, this is a configuration unsupported by VMware, but often seen in home labs), so I will just mount the iso file into the CD drive and power on the VM.

Install VMware vSphere 6.7

As soon as the VM boots, you will see a “Loading ESXi installer” screen:

VMware released patches against the Spectre-2 vulnerability. To protect against the branch target injection vulnerability (also known as Spectre-2), you need to patch the full stack, from vCenter down to ESXi and the operating system. Don’t forget to also update the firmware for your hardware.

VMSA-2018-0004 – Hypervisor-Assisted Guest Remediation

Updates of vCenter Server, ESXi, Workstation and Fusion virtualize the new speculative-execution control mechanism for virtual machines. As a result, a patched guest operating system can remediate the Branch Target Injection issue (CVE identifier CVE-2017-5715). This issue may allow for information disclosure between processes within the VM.

Meltdown and Spectre Overview

Meltdown breaks the isolation between user applications and the operating system, and allows an application to access all system memory (this includes kernel allocated memory). Meltdown affects a range of Intel processors.

Spectre breaks the memory isolation between different applications, and allows an application to force another application to access arbitrary portions of its memory. Spectre affects a wide range of processors: Intel, AMD, and ARM.

“Both of these vulnerabilities are hardware level vulnerabilities that exist because of a flaw in CPU architecture. They are very serious vulnerabilities because they are operating system and software independent. The long term fix for both of these issues will require that CPU makers change the way their chips work, which means redesigning and releasing new chips.” – Defiant

You can find more information on both vulnerabilities on spectreattack.com. For comprehensive technical details, you can refer to these academic papers: Meltdown and Spectre.

CVE-2017-4941 – VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation will result in remote code execution in a virtual machine via the authenticated VNC session. As prerequisites for a successful exploit, VNC must be manually enabled in a virtual machine’s .vmx configuration file and ESXi must be configured to allow VNC traffic through the firewall.

In a previous post I wrote about how to easily update ESXi 6.5 using Update Manager. This time I will show another method of updating ESXi; more specifically, I will update ESXi 6.5 with the command line tool (esxcli). This method works whether the ESXi server is standalone or added to a vCenter Server (I will use no component of vCenter Server).

When is this method better than using the Update Manager? The simplest use case is when you have no vCenter Server (because Update Manager is a component of vCenter Server). In other cases, you may be more familiar with running scripts than clicking through a user interface 🙂

As a prerequisite, I placed the ESXi server in maintenance mode. Let’s start!

In this article I will demonstrate how to easily update ESXi 6.5 using Update Manager.

In this demonstration I will use vCenter Update Manager, so I must have the proper vCenter version already installed. As a rule of thumb, you always need to update vCenter Server before ESXi (vSphere). The update process for VMware solutions can be tricky, so for the specific update order for VMware products I suggest you check KB2147289.

Check vCenter and ESXi versions

I will connect to my vCenter Server using vSphere Web Client and I will check the vCenter version. As you can see below, I am running vCenter version 6.5.0, build 6816762, which is the latest version at the moment I am writing this article.

Next, I will check the ESXi version. I navigate in the left panel to the ESXi server I plan to update (esx1.lab.local). In the right panel, I can see the installed product: VMware ESXi 6.5.0 build 5310536.

I will now use the my.vmware.com site to find the latest version for ESXi 6.5. As you can see below, the latest build is 6765664. Take note of the Bulletin Number; we will use it later: ESXi650-201710401-BG.

To start, you need an installation kit of vSphere 6.5. For this article, I will use the vSphere version I downloaded from my VMUG Advantage account (VMware-VMvisor-Installer-201704001-5310538.x86_64.iso).

You need to boot from the image you downloaded. This operation depends heavily on the medium and the maker of the system where you are going to install vSphere, so I will not go into specifics. For example, I will install vSphere into a virtual machine (a configuration unsupported by VMware, but often seen in home labs), so I will just mount the iso file into the CD drive and power on the VM.